Veridocx Brings On-Demand Secure Time Stamping to Small Business and Consumers
How Thales Time Stamp Server Enabled a Startup To Easily And Affordably Build a Web-Based Service For Non-repudiable Time Stamping.
The Goal: Bring non-Repudiable Time Stamping To a New Market.
Startup Australian company Veridocx wanted to offer an extremely valuable service to consumers and small businesses: secure, non-repudiable time stamping at an affordable price.
While time stamping for digital documents is not a new technology, it was previously primarily deployed by larger organizations with the need for higher numbers of transactions. Veridocx knew many consumers and small businesses had reasons to use a time stamping service – from protecting intellectual property to verifying the time a contract was signed to pinpointing the moment a transaction occurred. Yet there were no easy and affordable ways for consumers and small businesses to time stamp documents. Sending items through the mail or via email wasn’t a good option – envelopes and email headers could be easily tampered with. And taking a document to a lawyer for a third party witness was expensive and inconvenient.
Veridocx developed a simple business proposition: to provide an online service that lets anyone obtain a time stamp for a document and identify the document positively – for just a few dollars. The challenge would be to find the right time stamping solution. It would need to be tamperproof and reliable in order to sell the service with confidence. It would have to be affordable if Veridocx was to offer the service at rates consumers would find attractive. And it would have to integrate easily into their web application.
Key Features And Benefits
- High-assurance hardware security. Perform highly accurate time stamping for PKI-enabled applications, electronic records, and code signing—transforming electronic records into strong evidence.
- Easy integration with applications. Integrate secure time stamping functionality easily with business applications to time stamp digitally signed documents (e.g. PDFs), application code, or other electronic records.
- Accurate, auditable time stamps. Get superior time accuracy and auditability, with time stamps auditable to UTC.
- Tamper-resistant hardware. Protect the electronic time stamping process and keys through independently certified, tamper-resistant hardware.
The Solution: Thales Time Stamp Server
After considering a variety of options – from modifying off-the-shelf equipment to building custom time stamping hardware – Veridocx discovered that Thales Time Stamp Server satisfied all their requirements for security, affordability and ease of use.
The Time Stamp Server was easy to integrate into their web application – the Veridocx team had it up and running in less than a day. It was highly affordable, especially compared with the cost of a custom-built solution. With an on-board Hardware Security Module (HSM), the Time Stamp Server is tamper-resistant, supports recognized time stamping protocols such as RFC 3161 and is compliant with FIPS 140-2 Level 3. By performing the time stamping process within the HSM, the Thales Time Stamp Server allows Veridocx to assure its customers that no one outside or inside the company can tamper with the time stamping process.
With Thales Time Stamp Server, Veridocx is able to offer a solution that makes it extremely easy for anyone to cost-effectively time stamp, store and verify any digital file. Users simply log onto veridocx.com, pay a small fee and upload a file. The file gets a time stamp, the user gets verification and the time stamped file can then be download or stored on the Veridocx site for safekeeping. The Thales Time Stamp Server handles all of the actual time stamping process – the Veridocx website essentially serves as a large front end to an extremely flexible time stamping technology.
A Time Stamping Solution That Integrates Easily With Applications
Veridocx chose Thales was because Time Stamp Server was robust, mature and easy to integrate into the Veridocx web application. This enabled Veridocx to focus on building top-notch services for their customers. It took the Veridocx team less than a day to configure and integrate the Time Stamp Server into their platform.
The Thales Solution Also Offered Other Significant Benefits:
- Non-repudiability. This was essential to the Veridocx team. They needed to be able to promise and prove that no one could forge or tamper with a time stamp. With the time stamp keys securely protected in a hardware security module, Veridocx knew their time stamps were safe from hackers and other external threats, as well as from any internal threats. If it was necessary, they could use auditable security trails to prove that no one could have hacked into the Thales product to modify or tamper with a time stamp.
- Security. Unlike software-based systems in which administrators can easily manipulate time values, Time Stamp Server protects time stamping keys in independently certified, tamper-resistant hardware.
- Quality. The quality of the hardware made installation and operation easier and solved many of difficult security and reliability problems that arise in an implementation of this kind.
- Support. The Veridocx team discovered that the quality of Thales hardware was matched by the excellence in service and support they received on both the business and technical side.
- Reputation. Veridocx wanted to be able to market their service as having been built with the most secure and reputable time stamp technology available today, and Thales fit the bill.
- Affordability. Veridocx was able to implement the Thales solution at a cost that was far less than building their own system with custom software and off–the-shelf hardware.
Thales Time Stamp Server
Time Stamp Server from Thales eSecurity is a turnkey, networkattached appliance that keeps accurate time and creates secure time stamps to record creation time, filing time, or the timing of other events associated with electronic records and applications. By deploying a highly accurate and tamper-resistant electronic time stamping solution, organizations can verify the accuracy of time stamps used for digital records and improve the integrity and auditability of a broad range of critical processes. Ideal for organizations that need electronic document signing with proof of time for legal and compliance purposes, Time Stamp Server’s other common applications include financial transactions, lotteries and gaming, security logs, approval workflows, long-term archives, electronic lab books, and code signing.
Unlike software-based systems in which administrators can easily manipulate time values, Time Stamp Server protects time stamping keys in independently certified, tamper-resistant hardware. The time stamping component is validated to FIPS 140-2 Level 3 and Common Criteria EAL 4+, and can provide highly accurate time stamps auditable to Universal Coordinated Time (UTC) for secure time traceability to independent national atomic clocks.
- Supports PKI-enabled applications, electronic records and code signing
- Facilitates long-term auditability and enforces non repudiation
- Highly accurate and auditable to UTC
- Provides secure time traceability to independent national atomic clocks
- Tamper-resistant time stamping component
Protocols and Interfaces
- PKIX time stamp protocol (RFC 3161), ETSI TS 102 023 and 101 861
- Support for custom applications using optional toolkit (Java and C)
- Authenticode for code signing applications
Compatibility and Upgradeability
- Can be deployed with Thales Time Source Master Clock
- Integrates with Adobe Acrobat, LiveCycle, Microsoft Authenticode and Office
- Software upgradeable to latest releases